Network traffic monitoring

US 9,276,819 B2
Filed: 05/29/2012
Issued: 03/01/2016
Est. Priority Date: 05/29/2012
Status: Active Grant

First Claim

Patent Images

1. A network traffic monitoring method, comprising:

generating packet information for packets destined for a target subnet;

inserting breakpoint triggers into an application to detect socket activities performed by the application and by sub-processes of the application at the target subnet;

identifying network connections associated with the application running on a device, based on the socket activities performed by the application;

aggregating an amount of network traffic information by identifying an amount of incoming traffic and an amount of outgoing traffic that has passed between the application and the target subnet based on the identified network connections and the packet information, the aggregating ignoring network traffic between other applications running on the device and devices in other subnets; and

estimating an expected cost of the aggregated amount of network traffic information attributed to the application and the target subnet.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network traffic monitoring method includes generating packet information for packets destined for a target subnet. The method includes identifying network connections associated with an application running on a device based on socket activities performed by the application. The method further includes filtering out network traffic information between the application and the target subnet based on the identified network connections and the packet information.

Citations

15 Claims

1. A network traffic monitoring method, comprising:
- generating packet information for packets destined for a target subnet;
  
  inserting breakpoint triggers into an application to detect socket activities performed by the application and by sub-processes of the application at the target subnet;
  
  identifying network connections associated with the application running on a device, based on the socket activities performed by the application;
  
  aggregating an amount of network traffic information by identifying an amount of incoming traffic and an amount of outgoing traffic that has passed between the application and the target subnet based on the identified network connections and the packet information, the aggregating ignoring network traffic between other applications running on the device and devices in other subnets; and
  
  estimating an expected cost of the aggregated amount of network traffic information attributed to the application and the target subnet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 15)
- - 2. The method of claim 1, further comprising communicating the network traffic information.
  - 3. The method of claim 1, wherein generating the packet information and identifying the network connections occur substantially concurrently.
  - 4. The method of claim 1, wherein generating the packet information comprises:
    - monitoring packet traffic between the device and a plurality of subnets including the target subnet; and
      
      generating packet information for each of the plurality of subnets based on the monitored packet traffic.
  - 5. The method of claim 1, wherein the network traffic information further includes a direction of the network traffic between the application and the target subnet.
  - 6. The method of claim 1, wherein the packet information includes packet header information and packet size information.
  - 7. The method of claim 1, wherein the socket activities include at least one of socket creation and socket deletion.
  - 8. The method of claim 7, wherein the socket activities include at least one of socket creation time and socket deletion time.
  - 15. The method of claim 1, further comprising categorizing the packet information based on corresponding subnet, and saving the packet information according to the corresponding subnet.

9. A non-transitory computer readable medium comprising memory having instructions that, when executed by a processor, cause the processor to:
- generate packet information for packets sent to a target subnet;
  
  insert breakpoint triggers into an application to detect socket activities performed by the application and by sub-processes of the application at the target subnet;
  
  identify network connections associated with the application based on socket activities of the application;
  
  aggregate an amount of network traffic information by identifying an amount of incoming traffic and an amount of outgoing traffic that has passed between the application and the target subnet from the identified network connections and packet information, the aggregating ignoring network traffic between other applications running on the device and devices in other subnets; and
  
  estimate expected cost of the aggregated amount of network traffic information attributed to the application and the target subnet.
- View Dependent Claims (10, 11)
- - 10. The non-transitory computer readable medium of claim 9, wherein the memory further having instructions executable by the processor to:
    - monitor packet traffic between a device and a plurality of subnets including the target subnet; and
      
      generate packet information for each of the plurality of subnets from the monitored network traffic, the generated packet information including packet information associated with the target subnet.
  - 11. The non-transitory computer readable medium of claim 9, wherein the memory further having instructions executable by the processor to communicate the network traffic information.

12. A network traffic monitoring system comprising:
- a network sniffer engine to generate packet information for packet traffic to a target subnet;
  
  a hook engine to identify network connections associated with an application running on a device based on socket activities of the application by inserting breakpoint triggers into the application to detect socket activities performed by the application and by sub-processes of the application at the target subnet; and
  
  a filter engine to aggregate an amount of network traffic information by identifying an amount of incoming traffic and an amount of outgoing traffic that has passed between the application and the target subnet based on the identified network connections and packet information corresponding to the target subnet, the filter engine ignoring network traffic between other applications running on the device and devices in other subnets; and
  
  a communication engine to estimate an expected cost of the aggregated amount of network traffic information attributed to the application and the target subnet.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, the network sniffer engine comprising:
    - a packet monitor engine to monitor packet traffic between the device and a plurality of subnets including the target subnet; and
      
      an extraction engine to extract packet information for packets sent to the plurality of subnets including the target subnet.
  - 14. The system of claim 12, the hook engine comprising a socket activity extraction engine to record the detected socket activities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Maon, Sigal, Manor, Lior
Primary Examiner(s)
Yao, Kwang B
Assistant Examiner(s)
PATEL, HARDIKKUMAR D

Application Number

US13/482,066
Publication Number

US 20130322266A1
Time in Patent Office

1,372 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 41/14   Network analysis or design

H04L 43/028   by filtering

H04L 43/062   related to network traffic

H04L 43/18   Protocol analysers

Network traffic monitoring

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Network traffic monitoring

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links